Security reporter tells Ars about hacked 911 call that sent SWAT team to his house (Updated)

Brian Krebs may be first journalist to suffer vicious hack known as swatting.

Update: Krebs has now written about his experience in some detail. The same people responsible for the DDoS attack carried out yesterday on Krebs' site launched a similar attack on Ars Technica this morning.

Now, Krebs has achieved a decidedly more grim distinction. On Thursday, he became one of the first journalists to be on the receiving end of a vicious hoax that prompted a raid on his Northern Virginia home by a swarm of heavily armed police officers. The tactic, known as "swatting," has long been a favorite of depraved hackers. They use computers or special phone equipment to make emergency calls that appear to come from their target's phone number. When a 911 operator answers, they report a life-threatening, sometimes horrific crime in progress. Police, often armed with assault rifles, descend on the target's home, sometimes breaking down doors in the mistaken belief that lives are being put on the line by gun-toting criminals carrying out home invasion robberies or drugged-out maniacs committing multiple homicides.

It was around 5pm. Krebs, 40, had just finished preparing his home for a small dinner party he had planned for later that evening. While he was vacuuming, his phone rang a few times, but he decided not to answer since he didn't want to get held up. When he finished, he realized there was still some tape at the entrance of his house where Christmas lights had been. He thought it made sense to remove it before his guests arrived.

"As soon as I open the front door, I hear this guy yelling at me, behind a squad car, pointing a pistol at me saying: 'Don't move. Put your hands up,'" Krebs, who is a long-time friend and colleague, told me. "The first thing I said was: 'You've got to be kidding me.'"

In all, there were at least a dozen officers with pistols, shotguns, and assault rifles pointed at him. They had police dogs circling his house and cruisers had sealed off a nearby street. Krebs, who was dressed in just gym shorts and a T-shirt, complied. Wisely.

"Two different guys were barking orders at me," he continued. "I finally said: 'Which way should I go?'" One officer told Krebs to lie on the ground, but before he could comply the other cop ordered Krebs to walk backwards. Eventually, "they put the cuffs on me and took me up the street. I was freezing the whole time."

Krebs said an officer of the department told him that police received a 911 call that appeared to come from Krebs' phone. The caller posed as Krebs and said he was hiding in a closet after Russian thieves had broken into his home and shot his wife. They were now stealing jewelry, the caller reported. Fairfax County Police officials didn't respond to calls seeking comment for this article.

Some bad people don’t like him

As a savvy reporter who has chronicled hacking crimes for more than a decade, Krebs has long been on the receiving end of attacks. His site, KrebsonSecurity, is regularly knocked offline by DDoS attacks—presumably by people who are unhappy that the articles he publishes threaten their illicit livelihoods or tarnish their reputations. Indeed, the most recent attack happened only a few hours before the swarm of officers raided his house.

About six months ago, after receiving a round of new threats, he grew so concerned about the prospect of being swatted that he filed a report with the Fairfax County Police Department.

"The guy didn't even know what swatting was," Krebs said of the officer who came to his home to take the report. "I was kind of surprised."

During Thursday's confrontation, Krebs recalled making the report. But wisely, he largely kept his disbelief and dismay to himself.

"I knew immediately from the minute I saw the policemen behind the car what had happened," he said. "You don't argue with someone who's pointing a gun. You don't argue when the police show up with overwhelming force. You just do what you're told and explain it later."

After about five minutes in custody, Krebs explained that he was the victim of a monstrous crime known as swatting. One of the officers asked if Krebs was the person who had filed a report a few months earlier. When Krebs replied yes, the officers did a quick search of his home. With preparations for a dinner party clearly on display, it quickly became apparent that Krebs' home was not a crime scene and that the call was part of a fiendish plot. An officer told him later that they had tried calling him before he opened his front door but no one had answered the phone.

Krebs' website has received so many attacks over the past few years that he contracts with anti-DDoS provider Prolexic. Earlier in the day, the company sent him an e-mail purporting to come from an FBI agent. It requested that the company stop hosting his site because an article he published on Wednesday about a website selling illicitly obtained credit reports "contains illegal linking and pictures of Ssndob.ru." The letter turned out to be a fake. Later in the day, KrebsonSecurity came under yet another DDoS attack. While the journalist has no hard proof, he said he suspects all three attacks, and the tie to Ssndob.ru, are connected.

As someone who has covered law enforcement and the dark side of the Internet for years, Krebs has long known the dangers of swatting. But he said the experience gave him a new appreciation for the tremendous risk it poses to both the target and the police officers who become unwitting accomplices in the potentially violent crime.

"There's a tendency for people to think this is a fun game," he explained. "It's a pretty dangerous thing to do. You're putting a lot of people's lives at risk. If somebody kicks in your door, I could imagine situations where people who are armed and in their home fire back at an intruder who claims to be the police. And what a mess that would be."

Krebs believes that one possible reason the scourge of swatting continues to this day is the patchwork of law enforcement agencies that respond to these crimes. Often local police are left to investigate, even when the perpetrators may be half a world away. He wants that to change. "Your local police department, the ones that are responding to these distress calls, they don't have the bandwidth," he said. "This is an area where federal law enforcement needs to be coordinating investigations. I'd like to see some sort of recognition or statement from federal law enforcement that this is something they're actively investigating."

An officer told him later that they had tried calling him before he opened his front door but no one had answered the phone.

On the bright side, that is more than I've heard swat teams do in the past. Forwarding this article to a local SWAT training officer I know. I suggest everyone in this thread who knows a police officer do the same.

152 Reader Comments

The real issue is that caller ID security is a joke. Once the originating phone switch generates the information it is trusted the rest of the way (how is a phone switch/router somewhere else supposed to know if a number is valid or not), and there are plenty of services available that let you set your own outbound CID information.

Much like the SMTP protocol, there is no easy way to fix it without breaking the way it works and requiring everyone to upgrade.

SWATting needs to be cracked down on, hard. It wastes resources, it distracts law enforcement, it's fucking dangerous. I have to wonder how long it will be until someone SWATs someone else solely to distract the police.

There's probably not a clear process for it yet, which to me means that for the short term a coordinating taskforce should be created until appropriate procedures can be enacted.

As a taxpayer, I don't think I'd mind paying to have the victim SWAT team shipped wherever necessary to storm the culprit's house.

SWATting needs to be cracked down on, hard. It wastes resources, it distracts law enforcement, it's fucking dangerous. I have to wonder how long it will be until someone SWATs someone else solely to distract the police.

There's probably not a clear process for it yet, which to me means that for the short term a coordinating taskforce should be created until appropriate procedures can be enacted.

As a taxpayer, I don't think I'd mind paying to have the victim SWAT team shipped wherever necessary to storm the culprit's house.

Chances are that it's already happened. However as the police department isn't as small as people think (and often not as big as people think either), they are able to respond to other calls at the same time (to the detriment of the swatter).

SWATting to distract police really only works in cities that don't have a dedicated response unit. For example, the city I live in of 75,000 has a police force of 52 officers. They have no dedicated SWAT team, and 10 of those 52 officers ride bikes, and not all 52 are on duty at all times of the day. I can see there not being enough police around in an emergency where they need to respond to more than one crime. Even with the 12 man county sheriff's office, highway patrol in the area, and the campus police (who are under the state's jurisdiction, not the city's), there might only be 90 LEOs available.

That having been said, I would rather see them respond to an emergency situation rather than reacting to 911 calls as "potentially a hoax." The first time they misjudge the situation in the other direction, someone is going to get killed because the police never came. Of course, I would like them to use discretion and good judgement at the scene, when deciding whether or not to knock or kick in the door.

Knowing that Bieber got swat'ed fills me with a perverse schadenfreude and a sadness they didn't over-react like they do on no knock drug busts.

If only our "love" for Bieber could be harnessed as fuel, and they had weekly pranks and lashings of Bieber on TV...our energy problems as well as fuel for space exploration would be a thing of the past in 3 weeks!

Oh, I can guarantee it's happened. Altamonte Springs, FL -- about a decade ago. Two former police officers robbed a bank with near impunity -- because they had called in a swat response on the other end of town.

Didn't completely work out though -- which is why we know it was former LEOs involved -- they got busted.

Hypothetically, if a Politician / Movie Star was phone spoofed and swatted, the fallout would be immense and _shit would get done_ to fix it.

But your average joe, good luck getting anywhere.

It wasn't a SWATting specifically, but I remember reading a year or three ago about a town's mayor (in Maryland?) getting no-knocked raided by paramilitary thugs (who promptly murdered his dogs and humiliated his family). Still don't think his town's changed their laws.

Maybe if you make that "Senator" instead of Politician we'd get somewhere.

SWATting needs to be cracked down on, hard. It wastes resources, it distracts law enforcement, it's fucking dangerous. I have to wonder how long it will be until someone SWATs someone else solely to distract the police.

There's probably not a clear process for it yet, which to me means that for the short term a coordinating taskforce should be created until appropriate procedures can be enacted.

As a taxpayer, I don't think I'd mind paying to have the victim SWAT team shipped wherever necessary to storm the culprit's house.

Chances are that it's already happened. However as the police department isn't as small as people think (and often not as big as people think either), they are able to respond to other calls at the same time (to the detriment of the swatter).

People have a misconception about law enforcement. The majority of crimes handed over to the police go unsolved. They aren't even partially equipped to deal with this kind of crime. The feds MAYBE but not your local PD. Not by a long shot.

He was most likely detained, not in custody for a crime which are two different things, people get detained all the time.

You can also be arrested w/o committing a crime. Being arrested doesn't mean you did anything wrong. It just means the police are basically detaining you. They can arrest you to protect you from others or yourself.

I think one of the bigger problems is VoIP was never made to conform to the same standards as CLEC (competitors in the POTS arena). It used to be, while COID could be spoofed, the underlying SS7 data about a call was solid. With VoIP there are all sorts of ways of spoofing that kind of data. In the end it's decimated E911 services.

Still, you don't have to be a VoIP hacker to conduct a swatting. In order to create an air gap, one popular method is to use the TDD services for the deaf to call in the 911. They make the services very easy to connect to. There's no security around the service and now you have some relay operator doing all the dirty work for you. This is what happened with the MIT swatting incident from a couple weeks ago.

He was most likely detained, not in custody for a crime which are two different things, people get detained all the time.

Oh, he was definitely in custody. If a reasonable person would believe that he cannot walk away from the police freely, then he is in custody. That's from Miranda v Arizona, a landmark SCOTUS decision that stands today. The word "detained" has no legal meaning other than "in custody", so your statement doesn't make sense. Perhaps you meant that he was in custody but not arrested, a genuine legal difference.

What I find curious is having filed this report with the PD earlier, and having current DDOS attacks on his website along with other such activity, that he would EVER not answer his phone. I am guessing he will from now on.

The police seemed to follow the correct steps here. I was gratified to see that.

As horrible as SWATing is, in one small way it could be beneficial. It puts that little piece of doubt in the back of the minds of the SWAT team and maybe they won't go in shooting Golden Retrievers or humans who react in a surprised fashion when their door gets busted down as we've seen in some horrible news articles. It's one thing shooting at a suspect and another shooting to kill a complete innocent taxpaying citizen.

"Two different guys were barking orders at me," he continued. "I finally said: 'Which way should I go?'" One officer told Krebs to lie on the ground, but before he could comply the other cop ordered Krebs to walk backwards.

It's like they want you to non-comply. So they can bash your skull in for resisting arrest?

Longtime Ars reader. First post. Apologize for the TL;DR. The short version of the below is: SWATing is dangerous because our police are so dangerous and trigger-happy and almost never held to account for mistaken shootings.

Long version: This is interesting on several levels. The first is how SWATing mirrors the way in which some immune diseases work. Something goes wrong with the system designed to protect the organism and it attacks itself. I'm always interested in how certain systems or technologies mirror (however loosely) things happening in nature.

I daresay this simple hacker technique could very possibly destabilize this country very quickly. Imagine simultaneous similar calls to the hundreds of airports, ports, police departments, bus stations, government buildings, schools, dams, nuke power plants, military bases etc., all over the nation (all with phone numbers easily Google-accessible). It would paralyze everything for at least a short time and the fallout would be costly.

Another level of interest is the "death by a thousand cuts" issue this seems to fit into. A few years ago a terrorist organization said they were done attacking "The Great Satan" with big, showy feats of derring-do. They'd instead do small things here and there to make the US overreact to, as is its wont these days. Indeed, I believe this strategy is insightful and most likely effective in that our "authorities" with uniforms and guns tend to walk all over citizens' rights for real or perceived threats and are often not held to account for it. This helps to sow distrust for the government and things snowball from there. I for one have felt my own distrust in the government's competency, if not its intent, just by observing how the TSA falls all over itself, and badly, implementing rules and procedures based on trivial events. The result is an almost universal hatred of a government organization by its people, which eventually bleeds into other areas. If we as a society don't check our authorities' propensity to overreact for whatever reason I think, well, the terrorists might win.

SWATing also exposes a vulnerability in our society in that even if a cop shot and killed an innocent citizen as a result of it, it is very unlikely that cop would be charged with any wrongdoing. Indeed, in the US, when a cop kills a civilian it's that cop's own department that does the investigation into the event, the result of which is almost invariably an exoneration of the shooter cop. Case in point, what's happened to the cops that shot up the newspaper ladies' truck during the Dorner situation a few weeks ago in LA? Will they be charged in any way? What about the recent killing of a man in Madison, WI by MadPD where the investigation refused testimony by several witnesses and only took the cop's word (the cop was exonerated). What about the cop-on-kid shooting in Brooklyn a few days ago where the result was a dead kid and what almost became a riot in response? SWATing could really start causing things like this to happen all over the country, further eroding the citizens' trust in its law enforcement and further degrading our society as a whole, causing further instability...and it snowballs from there.

The tactic, known as "SWATing," has long been a favorite of depraved hackers. They use computers or special phone equipment to make emergency calls that appear to come from their target's phone number. When a 911 operator answers, they report a life-threatening, sometimes horrific crime in progress.

At least this required some hacking to get a SWAT team sent in. A band member round here had a SWAT team break down his doors and raid his house in the early AM, based on nothing but complaints by his neighbors that he had people showing up at odd hours of the night, so he obviously must be selling meth.